Linux Today: Linux News On Internet Time.

More on LinuxToday

Metasploit Takes Aim at Cisco Insecurity

Dec 18, 2010, 09:05 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

[ Thanks to SMK for this link. ]

"The Metasploit security vulnerability testing framework is getting an update this week with the Metasploit 3.5.1 release, which includes new capabilities that take aim at networking gear from Cisco.

"Metasploit provides a framework with which security researchers can test and enumerate the security posture of their networks. The addition of specific features that target Cisco (NASDAQ: CSCO) equipment isn't directly related to any specific, newly discovered exploits in Cisco technology.

""We did not coordinate with Cisco's PSIRT (Product Security Incident Response Team) as the two vulnerabilities exploited by this feature are over 10 years old – authentication bypass flaws in the IOS HTTP service," HD Moore, Rapid7 Chief Security Officer and Metasploit chief architect told InternetNews.com. "There are a number of tools that support each of these attacks methods individually, but the value provided by this release is in the attack chaining and automation.""

Complete Story

Related Stories: